SECURE EXCHANGE OF AN AUTHENTICATION TOKEN

FIELD OF THE INVENTION 

The invention relates in general to secure communication systems and more
specifically to systems for securely exchanging an authentication token.

BACKGROUND OF THE INVENTION 

The security of communication systems on a network is a major concern for
companies and individuals alike who must transmit private data. Most businesses
and individuals place great reliance on the privacy of their information, so
unauthorized tampering with or theft of that information can have serious financial and
safety consequences. A fixed user password is not a secure means of authentication because it
is rarely changed and easily guessed. Once an unauthorized user determines a valid user
password, the unauthorized user has access to all information in the user's computer
account.

To accomplish a secure exchange of information between two systems, a
hardware authentication token can be employed. A hardware authentication token is a
specialized device that gives the user a one-time password or method that the user inputs
into the server expecting such input. One such token is the SecurID™ token, developed
by RSA Security in Bedford, MA. The SecurID™ system includes a SecurID™ token
generator which the user carries, and an access control module (ACM) which is
connected to the computer to which the user wants access. The SecurID™ token
generator is a smart card that is time synchronized to the ACM. The SecurID™ token
generator has a display for a sequence of random digits corresponding to the random
digits generated by the ACM. The sequence of random digits is unique for each
SecurID™ token generator, and the random number displayed changes after a certain
time limit. To obtain access to the server, the user inputs the random number displayed
on the token generator. If the number entered by the user into the server matches the
response expected by the server, the server concludes that the user is authentic.

Due to the global electronic world in which we live, our lives are surrounded by
electronic devices. People travel with cellular phones, a personal digital assistant
(PDA), a laptop, etc. to be connected to people and other devices. Because of the
number of devices people travel with already, people are becoming more likely to forget
one of these devices or leave one of these devices unattended. Hardware authentication
token generators such as the SecurID™ are yet another item for people to remember and
carry. Furthermore, the hardware authentication token generators add an additional cost
to the user. Therefore, it is desirable to produce an equivalent authentication method for
exchanging information that does not require another item to travel with or to provide an
additional cost to the user.

SUMMARY OF THE INVENTION

The invention relates to a communication system that securely exchanges an
authentication token. In one embodiment, the communication system includes a first
transmitter in communication with a first receiver and a second transmitter in
communication with a second receiver. A comparator is in communication with the
first receiver and the second transmitter. An output device is in communication with the
second receiver.

The user transmits user information to the first receiver over a first
communication channel. The first receiver receives this user information, and
subsequently transmits a first verification message to the second receiver over a second
communication channel. In response to the first verification message, the user sends a
second verification message back to the first receiver over the first communication
channel. The first receiver receives this second verification message and the comparator
determines authenticity by comparing the first verification message transmitted over the
second communication channel with the second verification message received over the
first communication channel.

DESCRIPTION OF THE DRAWINGS

The aspects of the invention presented above and many of the accompanying
advantages of the present invention will become better understood by referring to the
included drawings, which show a system according to the preferred embodiment of the
invention and in which:

FIG. 1 is a block diagram of an embodiment of the communications system of this 
invention to securely exchange an authentication token. 

FIG. 2 is a flow chart illustrating an embodiment of the steps for executing an 
embodiment of the present invention. 

DESCRIPTION OF THE PREFERRED EMBODIMENT

In brief overview, the communication system in one embodiment includes a first 
computer, which may be referred to as a client computer, in communication with a 
second computer, which may be referred to as a server computer. The server computer 
is in turn in communication with a verifier, which in one embodiment is a mobile phone. 

A user wishing access to the server logs onto the client computer. In one
embodiment, the client computer then sends the user's user information to the server.
The server uses the user information to find which verifier or mobile phone is associated
with the user. The server then generates a datum or code which it transmits to the
mobile phone associated with the user. The mobile phone displays the datum to the user
who then enters the datum into the client computer. The client computer in turn sends
the datum back to the server which compares the datum sent to the verifier with the
datum received from the client computer. If the two data match, the server then permits
access by the user to the server.

Referring to FIG. 1, the first computer, or client 10, is in communication with
the second computer, or server 30, over a communication channel 15. Communication
channel 15 may be a secure communication channel. Server 30 is in turn in
communication with the verifier 50 over a communication channel 40. Communication
channel 40 may be a secure communication channel. The verifier 50, which in one
embodiment is a mobile phone, displays to or communicates with the user. The user
enters the information he or she received from the display into the client 10. In this
diagram, this is depicted as the verifier being in communication with the client 10 over a
communication channel 55.
In another embodiment, the verifier 50 is a non-mobile telephone with a
confidential phone line to the server 30. In yet another embodiment, the verifier 50 is a
PDA capable of receiving message 35 over a confidential channel. In another
embodiment, the verifier 50 is a laptop or beeper capable of communicating with server
30 over a confidential communication channel.

More specifically, message 20, sent from client 10 to server 30, in one
embodiment includes a user's name with which the server 30 recognizes the user and
begins the process by which the server 30 allows access to the server 30 by the user. In
another embodiment, message 20 is any code or method that server 30 accepts as a way
to access the user's account on server 30. In yet another embodiment, message 20 is
biometric information or a voice message that server 30 will recognize as user
information for that particular user. Once the user information from message 20 is
received by server 30 over communication channel 15, server 30 determines a method to
communicate with the verifier 50. In one embodiment, the method includes selecting
the communication channel 40. Once such a method is determined, server 30 transmits
a verification message 35 to the verifier 50.

In one embodiment, the verifier 50 is a communication device such as a Global
System for Mobile (GSM) communications telephone. GSM is a communication
standard for mobile telephones and provides a confidential communication channel
between a caller and the GSM telephone. The server 30 sends message 35 to the
mobile phone as a Short Message Service (SMS) message. The GSM cellular phone
supports SMS messages, as defined within the GSM digital phone standard. The
advantage of SMS messages is that they can be sent and received simultaneously with
GSM voice, data, and fax calls. Using this advantage, the GSM mobile phone will
receive an SMS message while simultaneously engaged on a call, so the
mobile phone permits conversation at the same time as a laptop is being connected to a
server and authenticated.

In one embodiment, the server 30 retrieves from its computer memory a mobile
cellular telephone number for the user that can be used to communicate with the verifier
50. Server 30 then generates the message 35 and transmits the message 35 to the
verifier 50. In another embodiment, the message 35 generated by the server 30 is either
mathematically manipulated or encrypted prior to the transmission to the verifier 50.

In one embodiment, the contents of message 35 received by the verifier 50 are
produced on the mobile cellular phone display. Similarly, in another embodiment, the
output of message 35 is accomplished by a voice message, an email, or any other
method to report the contents of message 35 to the user. Although in this embodiment
the verifier 50 is a cellular phone, any device which is capable of communications with
server 30 can be used.

As shown in FIG. 1, in one embodiment the verifier 50 displays the message 35 to
the user. The user types in this information over communication channel 55 along with
the user's password for the server 30 into the client 10. In another embodiment, instead
of displaying message 35 to the user and having the user type in this information to the
client 10, the verifier 50 directly transmits another message 60 with the verification
information 35 to the client 10 over a direct electrical, wireless or optical
communication channel 55. The client 10 receives message 60 and automatically sends
this information to server 30 through a message 65 over communication channel 15.

In one embodiment, the server 30 receives a message 65, extracts the verification
information 35, and compares the verification information with the verification message
35 it sent to the verifier 50. The server 30 accepts the user as authentic if the two
messages match. If the two messages do not match, the user is not accepted and is
classified as unauthentic. It should be understood that any combination of messages
may be used as long as the server 30 can compare what it receives from the client 10 to
what it sent to the verifier 50.

The operation of the present invention in one embodiment is shown in FIG. 2.
The user first transmits his username (101) to the server 30 by way of the client 10. The
server 30 determines the method to communicate with the verifier 50 by accessing
stored information (102). Subsequently, the server generates a random number (103).
After the generation of the random number, the server concurrently transmits the
random number to the verifier 50 and starts a timeout period within which the server must
receive a verification message back from the client 10 (104).

The verifier 50 then receives the random number and displays it for the user to
read (105). The user types this random number, along with the user's password for the
server 30, into the client 10 (106). The client 10 passes this message 65 along to the
server 30 for verification (107). The server receives the message 65 (108) and
determines whether message 65 was received within the timeout period (109). If
it was not received in the required time, the server concludes that the user is not
authentic (110). If the message was received within the timeout period, the server
compares the received random number to the stored random number it sent and also
verifies the user's password (111). If these do not match (112), the server concludes
that the user is not authentic (113). If these do match (112), the server determines that
the user is authentic (114).

While one embodiment of the invention has been illustrated, it will be
appreciated that various changes can be made without departing from the scope of the
invention. For example, the security between client 10 and server 30 is increased in one
embodiment by using client 10 to encrypt the user's password using the random number
before transmitting it to server 30. Additionally, communication channel 15 is
confidential in another embodiment.

The ultimate goal of the present invention is to supply the server 30 with any
number or message that it is expecting in response to the transmitted message. So in
one embodiment, the mathematical manipulation of the verification message 35 is
computed mentally by the user. For example, the user adds one to the random number
received from the server 30 and types this modified number into the client 10. As long
as the server 30 is expecting this manipulated message in response to the transmitted
message, the user will be deemed authentic.
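The exchange of FIG. 2 (steps 101 to 114), together with the timeout of step 104 and the mentally applied transform of the preceding paragraph (the user adds one to the displayed number), carried out in Python as an added example. This code is not part of the application; it models client 10, server 30 and verifier 50 in one process, with channel 40 reduced to a callback and channel 55 to a list the user reads from. The user name, password, telephone number, six-digit code width and 120-second timeout are assumptions chosen for the example. Two details the application does not state but a practitioner would expect are included and marked: the comparison at step 111 is constant-time, and a pending code is consumed on its first use so a captured message 35 cannot be replayed.

```python
"""Two-channel one-time-code exchange after FIG. 2 (added example, not
the application's own code). Roles: client 10 on channel 15, server 30,
verifier 50 on channel 40, and the user carrying the code over channel 55."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List

CODE_DIGITS = 6            # assumed width of the random number (step 103)
TIMEOUT_SECONDS = 120.0    # assumed timeout period (step 104)
PBKDF2_ROUNDS = 100_000


def identity(code: str) -> str:
    """Default: the user types the displayed number unchanged (claim 3)."""
    return code


def add_one(code: str) -> str:
    """The mental transform from the text: add one to the displayed number,
    keeping the fixed width so 999999 wraps to 000000 (claim 4)."""
    return f"{(int(code) + 1) % 10**CODE_DIGITS:0{CODE_DIGITS}d}"


@dataclass
class Pending:
    code: str        # what was sent in message 35
    deadline: float  # end of the timeout period started at step 104


class Server:
    """Server 30: holds the user table, issues codes, performs step 111."""

    def __init__(self, send_to_verifier: Callable[[str, str], None],
                 transform: Callable[[str], str] = identity,
                 timeout: float = TIMEOUT_SECONDS,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._send = send_to_verifier   # channel 40 (hypothetical SMS gateway)
        self._transform = transform     # response the server expects, f(code)
        self._timeout = timeout
        self._clock = clock
        self._users: Dict[str, dict] = {}
        self._pending: Dict[str, Pending] = {}

    def register(self, username: str, password: str, phone: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[username] = {
            "salt": salt,
            "hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
            "phone": phone,   # step 102: stored route to the verifier
        }

    def begin(self, username: str) -> bool:
        """Steps 101 to 104: find the verifier, generate the random number,
        send it and start the timeout. Nothing is sent for unknown users."""
        user = self._users.get(username)
        if user is None:
            return False
        code = f"{secrets.randbelow(10**CODE_DIGITS):0{CODE_DIGITS}d}"  # step 103
        self._pending[username] = Pending(code, self._clock() + self._timeout)
        self._send(user["phone"], code)                                  # message 35
        return True

    def verify(self, username: str, submitted_code: str, password: str) -> bool:
        """Steps 108 to 114 on message 65. The pending code is consumed on
        the first attempt, pass or fail (an addition: no replay of a code)."""
        user = self._users.get(username)
        pending = self._pending.pop(username, None)
        if user is None or pending is None:
            return False
        if self._clock() > pending.deadline:                              # steps 109, 110
            return False
        expected = self._transform(pending.code)
        code_ok = hmac.compare_digest(expected.encode(), submitted_code.encode())
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], PBKDF2_ROUNDS)
        pw_ok = hmac.compare_digest(pw_hash, user["hash"])
        return code_ok and pw_ok                                          # steps 111 to 114


def run_exchange(transform: Callable[[str], str] = identity,
                 delay: float = 0.0, tamper: bool = False) -> bool:
    """One full exchange on constructed data ("alice", her password and phone
    number are invented). A fake clock makes the timeout deterministic and
    `delay` is the time the user takes between reading and typing the code."""
    now = [1000.0]
    display: List[str] = []                 # the verifier's screen (channel 55)
    server = Server(lambda phone, code: display.append(code),
                    transform, clock=lambda: now[0])
    server.register("alice", "correct horse battery", "+15550100")
    if not server.begin("alice"):
        return False
    shown = display[-1]                     # step 105: verifier shows message 35
    now[0] += delay
    typed = transform(shown)                # step 106: user types the (transformed) code
    if tamper:                              # one wrong digit: a mistyped or guessed code
        typed = typed[:-1] + ("0" if typed[-1] != "0" else "1")
    return server.verify("alice", typed, "correct horse battery")   # steps 107 to 114


if __name__ == "__main__":
    print("plain code   :", run_exchange())
    print("user adds one:", run_exchange(add_one))
    print("after timeout:", run_exchange(delay=TIMEOUT_SECONDS + 1))
    print("wrong digit  :", run_exchange(tamper=True))
```

The transform is fixed per server rather than negotiated, which is what the text implies: the user and server 30 must have agreed in advance on the manipulation, otherwise the server cannot know what to expect.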

It will be appreciated that the embodiments described above are merely examples
of the invention and that other embodiments incorporating variations therein are
considered to fall within the scope of the invention. In view of the foregoing, what I
claim is:
1. A method for verifying a user to a first computer comprising the steps of:

transmitting user information on a first communication channel;

receiving said user information by said first computer;

transmitting a first verification message to said user on a second communication channel in response to said user information;

receiving said first verification message by said user;

transmitting a second verification message by said user to said first computer over said first communication channel in response to said first verification message;

receiving said second verification message by said first computer on said first communication channel; and

comparing by said first computer said first verification message transmitted over said second communication channel with said second verification message received over said first communication channel.

2. The method of claim 1, wherein said first verification message is a random number
generated by said first computer.

3. The method of claim 1, wherein said second verification message comprises said first
verification message.

4. The method of claim 3, wherein said second verification message is a mathematical
function of said first verification message.

5. The method of claim 1, wherein said second verification message further comprises said
user's password to said first computer.

6. The method of claim 1, wherein said first communication channel is a cellular
communication channel.

7. The method of claim 1, wherein said second communication channel is a cellular 

communication channel. 

8. The method of claim 1, wherein said first communication channel is a confidential 

communication channel. 

9. The method of claim 1, wherein said second communication channel is a confidential
communication channel.

10. The method of claim 1, wherein transmitting said first verification message further
comprises the steps of starting a clock by said first computer and measuring a timeout
period by said clock wherein said timeout period defines the period of time during
which said second verification message must be received by said first computer.

11. A system for securely exchanging an authentication token comprising:

a first transmitter;

a first receiver in communication with said first transmitter;

a second transmitter;

a second receiver in communication with said second transmitter;

a comparator in communication with said first receiver and said second transmitter; and

an output device in communication with said second receiver,

wherein said second transmitter transmits a first verification message to said second receiver over a second communication channel,

wherein said first transmitter transmits a second verification message to said first receiver over a first communication channel, and

wherein said comparator compares said first and said second verification messages.

12. The system of claim 11, wherein said second communication channel is a cellular
communication channel.

13. The system of claim 11, wherein said first communication channel is a cellular
communication channel.

14. The system of claim 11, wherein said first communication channel is a confidential
communication channel.

15. The system of claim 11, wherein said second communication channel is a confidential
communication channel.

16. The system of claim 11, wherein said comparator detemiines whether said second 
verification message transmitted by said first transmitter comprises said first verification 
message transmitted by said second transmitter. 

17. The system of claim 11, wherein said comparator determines whether said second
verification message transmitted by said first transmitter comprises a password
associated with a user.

18. The system of claim 11, wherein said output device transmits said second verification
message.

19. The system of claim 11, wherein said system further comprises a first input device in
communication with said first transmitter and said output device.

20. The system of claim 19, wherein said output device is in communication with said first 
input device over a communication channel. 